
Solve : Infected wuauclt.exe?


If ComboFix is still on your computer you should find it on your desktop. If you can't find it, please download and install another one and run another scan and post the log.

ComboFix 10-09-29.01 - Jinju 09/29/2010 18:12:08.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.958.437 [GMT -4:00]
Running from: c:\users\Jinju\Desktop\ComboFix.exe
SP: AVG Anti-Spyware *disabled* (Outdated) {48F2E28D-ED66-4646-9C11-B3055B0AF604}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Created a new RESTORE point
.

((((((((((((((((((((((((( Files Created from 2010-08-28 to 2010-09-29 )))))))))))))))))))))))))))))))
.

2010-09-29 22:28 . 2010-09-29 22:28  --------  d-----w-  c:\users\Public\AppData\Local\temp
2010-09-29 22:28 . 2010-09-29 22:28  --------  d-----w-  c:\users\Jinhee\AppData\Local\temp
2010-09-29 22:28 . 2010-09-29 22:28  --------  d-----w-  c:\users\Default\AppData\Local\temp
2010-09-29 22:07 . 2010-09-29 22:08  --------  d-----w-  C:\32788R22FWJFW
2010-09-28 20:44 . 2010-06-22 12:57  2048  ----a-w-  c:\windows\system32\tzres.dll
2010-09-23 20:19 . 2010-09-23 20:19  1377632  ----a-w-  c:\programdata\avg9\update\backup\avgssff.dll
2010-09-23 20:19 . 2010-09-23 20:19  598368  ----a-w-  c:\programdata\avg9\update\backup\avgsrmx.dll
2010-09-23 20:19 . 2010-09-23 20:19  942432  ----a-w-  c:\programdata\avg9\update\backup\avgcfgx.dll
2010-09-23 20:19 . 2010-09-23 20:19  4371296  ----a-w-  c:\programdata\avg9\update\backup\avgcorex.dll
2010-09-23 20:19 . 2010-09-23 20:19  300896  ----a-w-  c:\programdata\avg9\update\backup\avgchclx.dll
2010-09-23 20:15 . 2010-09-23 20:15  1690952  ----a-w-  c:\programdata\avg9\update\backup\avgupd.dll
2010-09-23 07:21 . 2010-04-14 17:47  293376  ----a-w-  c:\windows\system32\psisdecd.dll
2010-09-23 07:21 . 2010-04-14 17:46  428544  ----a-w-  c:\windows\system32\EncDec.dll
2010-09-23 07:18 . 2009-11-08 14:55  99176  ----a-w-  c:\windows\system32\PresentationHostProxy.dll
2010-09-23 07:18 . 2009-11-08 14:55  49472  ----a-w-  c:\windows\system32\netfxperf.dll
2010-09-23 07:18 . 2009-11-08 14:55  297808  ----a-w-  c:\windows\system32\mscoree.dll
2010-09-23 07:18 . 2009-11-08 14:55  295264  ----a-w-  c:\windows\system32\PresentationHost.exe
2010-09-23 07:18 . 2009-11-08 14:55  1130824  ----a-w-  c:\windows\system32\dfshim.dll
2010-09-23 00:17 . 2010-06-11 15:31  274432  ----a-w-  c:\windows\system32\schannel.dll
2010-09-23 00:17 . 2008-08-02 01:01  625152  ----a-w-  c:\windows\system32\drivers\dxgkrnl.sys
2010-09-23 00:17 . 2008-06-26 03:29  565248  ----a-w-  c:\windows\system32\emdmgmt.dll
2010-09-23 00:17 . 2008-08-02 03:26  36864  ----a-w-  c:\windows\system32\cdd.dll
2010-09-23 00:17 . 2008-06-26 03:29  45056  ----a-w-  c:\windows\system32\dataclen.dll
2010-09-23 00:17 . 2008-05-20 02:07  148480  ----a-w-  c:\windows\system32\drivers\nwifi.sys
2010-09-23 00:17 . 2010-05-27 19:16  81920  ----a-w-  c:\windows\system32\iccvid.dll
2010-09-23 00:17 . 2009-08-24 12:16  378368  ----a-w-  c:\windows\system32\winhttp.dll
2010-09-23 00:17 . 2010-04-05 16:07  67072  ----a-w-  c:\windows\system32\asycfilt.dll
2010-09-23 00:17 . 2010-06-21 13:18  2036736  ----a-w-  c:\windows\system32\win32k.sys
2010-09-23 00:08 . 2010-06-08 17:00  3598216  ----a-w-  c:\windows\system32\ntkrnlpa.exe
2010-09-23 00:08 . 2010-06-08 17:00  3545992  ----a-w-  c:\windows\system32\ntoskrnl.exe
2010-09-23 00:07 . 2010-04-16 16:10  1314816  ----a-w-  c:\windows\system32\quartz.dll
2010-09-23 00:07 . 2010-06-11 15:30  1257472  ----a-w-  c:\windows\system32\msxml3.dll
2010-09-23 00:07 . 2008-09-18 04:56  125952  ----a-w-  c:\windows\system32\wersvc.dll
2010-09-23 00:07 . 2008-09-18 04:56  147456  ----a-w-  c:\windows\system32\Faultrep.dll
2010-09-23 00:07 . 2010-06-18 14:43  302080  ----a-w-  c:\windows\system32\drivers\srv.sys
2010-09-23 00:07 . 2010-06-18 14:43  144896  ----a-w-  c:\windows\system32\drivers\srv2.sys
2010-09-23 00:07 . 2008-05-08 21:59  90112  ----a-w-  c:\windows\system32\wshext.dll
2010-09-23 00:07 . 2008-05-08 21:59  155648  ----a-w-  c:\windows\system32\wscript.exe
2010-09-23 00:07 . 2008-05-08 21:59  180224  ----a-w-  c:\windows\system32\scrobj.dll
2010-09-23 00:07 . 2008-05-08 21:59  172032  ----a-w-  c:\windows\system32\scrrun.dll
2010-09-23 00:07 . 2008-05-08 21:58  135168  ----a-w-  c:\windows\system32\cscript.exe
2010-09-23 00:03 . 2008-04-05 03:34  15360  ----a-w-  c:\windows\system32\pacerprf.dll
2010-09-23 00:03 . 2008-04-05 01:21  72192  ----a-w-  c:\windows\system32\drivers\pacer.sys
2010-09-23 00:03 . 2010-04-16 16:05  28672  ----a-w-  c:\windows\system32\Apphlpdm.dll
2010-09-23 00:03 . 2010-04-16 14:17  4240384  ----a-w-  c:\windows\system32\GameUXLegacyGDFs.dll
2010-09-23 00:02 . 2010-06-18 16:43  36352  ----a-w-  c:\windows\system32\rtutils.dll
2010-09-23 00:02 . 2010-05-26 14:25  289792  ----a-w-  c:\windows\system32\atmfd.dll
2010-09-23 00:02 . 2009-10-19 14:24  72704  ----a-w-  c:\windows\system32\fontsub.dll
2010-09-23 00:02 . 2010-05-26 16:16  34304  ----a-w-  c:\windows\system32\atmlib.dll
2010-09-23 00:02 . 2009-06-15 15:20  10240  ----a-w-  c:\windows\system32\dciman32.dll
2010-09-23 00:00 . 2010-06-16 15:59  898952  ----a-w-  c:\windows\system32\drivers\tcpip.sys
2010-09-22 23:51 . 2010-08-17 13:32  126464  ----a-w-  c:\windows\system32\spoolsv.exe
2010-09-22 23:40 . 2010-04-16 16:10  501760  ----a-w-  c:\windows\system32\usp10.dll
2010-09-22 23:34 . 2010-04-05 16:08  317952  ----a-w-  c:\windows\system32\MP4SDECD.DLL
2010-09-22 23:26 . 2010-05-27 19:16  738816  ----a-w-  c:\windows\system32\inetcomm.dll
2010-09-22 23:25 . 2009-10-19 14:27  156672  ----a-w-  c:\windows\system32\t2embed.dll
2010-09-22 23:25 . 2010-02-23 11:32  105984  ----a-w-  c:\windows\system32\drivers\mrxsmb.sys
2010-09-22 23:25 . 2010-02-23 11:32  78848  ----a-w-  c:\windows\system32\drivers\mrxsmb20.sys
2010-09-22 23:25 . 2010-02-23 11:32  212992  ----a-w-  c:\windows\system32\drivers\mrxsmb10.sys
2010-09-22 23:24 . 2009-07-11 19:32  513024  ----a-w-  c:\windows\system32\wlansvc.dll
2010-09-22 23:24 . 2009-07-11 19:32  302592  ----a-w-  c:\windows\system32\wlansec.dll
2010-09-22 23:24 . 2009-07-11 19:32  293376  ----a-w-  c:\windows\system32\wlanmsm.dll
2010-09-22 23:24 . 2009-07-11 19:29  127488  ----a-w-  c:\windows\system32\L2SecHC.dll
2010-09-22 23:22 . 2009-08-14 14:16  9728  ----a-w-  c:\windows\system32\TCPSVCS.EXE
2010-09-22 23:22 . 2009-08-14 14:16  17920  ----a-w-  c:\windows\system32\ROUTE.EXE
2010-09-22 23:22 . 2009-08-14 14:16  27136  ----a-w-  c:\windows\system32\NETSTAT.EXE
2010-09-22 23:21 . 2009-08-14 16:29  104960  ----a-w-  c:\windows\system32\netiohlp.dll
2010-09-22 23:21 . 2009-08-14 14:16  11264  ----a-w-  c:\windows\system32\MRINFO.EXE
2010-09-22 23:21 . 2009-08-14 14:16  8704  ----a-w-  c:\windows\system32\HOSTNAME.EXE
2010-09-22 23:21 . 2009-08-14 14:16  10240  ----a-w-  c:\windows\system32\finger.exe
2010-09-22 23:21 . 2009-08-14 14:16  19968  ----a-w-  c:\windows\system32\ARP.EXE
2010-09-22 23:21 . 2009-08-14 16:29  17920  ----a-w-  c:\windows\system32\netevent.dll
2010-09-22 23:19 . 2009-09-10 17:30  213504  ----a-w-  c:\windows\system32\msv1_0.dll
2010-09-22 23:09 . 2008-10-22 03:57  241152  ----a-w-  c:\windows\system32\PortableDeviceApi.dll
2010-09-22 04:34 . 2008-06-20 01:14  97800  ----a-w-  c:\windows\system32\infocardapi.dll
2010-09-22 04:34 . 2008-06-20 01:14  105016  ----a-w-  c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2010-09-22 04:34 . 2008-06-20 01:14  11264  ----a-w-  c:\windows\system32\icardres.dll
2010-09-22 04:34 . 2008-06-20 01:14  622080  ----a-w-  c:\windows\system32\icardagt.exe
2010-09-22 04:34 . 2008-06-20 01:14  781344  ----a-w-  c:\windows\system32\PresentationNative_v0300.dll
2010-09-22 04:25 . 2008-07-27 18:03  158720  ----a-w-  c:\windows\system32\mscorier.dll
2010-09-22 04:25 . 2008-07-27 18:03  83968  ----a-w-  c:\windows\system32\mscories.dll
2010-09-22 04:22 . 2010-02-20 23:39  24064  ----a-w-  c:\windows\system32\nshhttp.dll
2010-09-22 04:22 . 2010-02-20 23:37  31232  ----a-w-  c:\windows\system32\httpapi.dll
2010-09-22 04:22 . 2010-02-20 21:18  411136  ----a-w-  c:\windows\system32\drivers\http.sys
2010-09-22 03:59 . 2010-04-29 19:39  38224  ----a-w-  c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-22 03:59 . 2010-04-29 19:39  20952  ----a-w-  c:\windows\system32\drivers\mbam.sys
2010-09-22 03:40 . 2010-09-22 03:40  52224  ----a-w-  c:\users\Jinju\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-09-22 03:40 . 2010-09-22 03:40  63488  ----a-w-  c:\users\Jinju\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-09-22 03:40 . 2010-09-22 03:40  117760  ----a-w-  c:\users\Jinju\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-09-21 22:00 . 2010-09-21 22:00  165632  ---ha-w-  c:\windows\system32\mlfcache.dat
2010-09-21 22:00 . 2010-09-21 22:00  2788816  ----a-w-  c:\users\Jinju\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
2010-09-21 11:56 . 2010-09-21 11:56  658184  ----a-w-  c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-09-21 11:28 . 2010-09-21 11:28  --------  d-----w-  c:\programdata\Office Genuine Advantage
2010-09-21 05:37 . 2010-09-21 05:37  2384752  ----a-w-  c:\programdata\WildTangent\My HP Game Console\Downloads\en-us\Installers\SetupGamesClient.exe
2010-09-21 05:28 . 2010-09-21 05:29  20519176  ----a-w-  c:\programdata\WildTangent\My HP Game Console\Downloads\Installers\SetupGamesClient.exe
2010-09-21 05:08 . 2008-01-19 07:36  1541120  ----a-w-  c:\windows\system32\onex.dll
2010-09-21 05:08 . 2008-01-19 07:33  2623488  ----a-w-  c:\windows\system32\SLsvc.exe
2010-09-21 05:06 . 2008-01-19 07:36  1013760  ----a-w-  c:\windows\system32\wevtsvc.dll
2010-09-21 05:04 . 2008-01-19 07:35  216064  ----a-w-  c:\windows\system32\ntprint.dll
2010-09-21 05:03 . 2008-01-19 07:36  242688  ----a-w-  c:\windows\system32\pdh.dll
2010-09-21 05:02 . 2008-01-19 07:34  394240  ----a-w-  c:\windows\system32\dsquery.dll
2010-09-21 05:01 . 2008-01-19 07:37  1329152  ----a-w-  c:\windows\system32\WMSPDMOE.DLL
2010-09-21 05:00 . 2008-01-19 07:33  31744  ----a-w-  c:\windows\system32\bitsigd.dll
2010-09-21 04:59 . 2008-01-19 07:33  17408  ----a-w-  c:\windows\system32\cfgmgr32.dll
2010-09-21 04:58 . 2008-01-19 07:33  599552  ----a-w-  c:\windows\system32\vsp1cln.exe
2010-09-21 04:57 . 2008-01-19 07:34  102400  ----a-w-  c:\windows\system32\wbem\mofinstall.dll
2010-09-21 04:57 . 2008-01-19 07:36  83968  ----a-w-  c:\windows\system32\wbem\wmiutils.dll
2010-09-21 04:57 . 2008-01-19 07:36  742912  ----a-w-  c:\windows\system32\wbem\wbemcore.dll
2010-09-21 04:57 . 2008-01-19 07:36  30208  ----a-w-  c:\windows\system32\wbem\wbemprox.dll
2010-09-21 04:57 . 2008-01-19 07:36  357888  ----a-w-  c:\windows\system32\wbemcomn.dll
2010-09-21 04:57 . 2008-01-19 07:36  264704  ----a-w-  c:\windows\system32\wbem\repdrvfs.dll
2010-09-21 04:57 . 2008-01-19 07:34  191488  ----a-w-  c:\windows\system32\wbem\mofd.dll
2010-09-21 04:57 . 2008-01-19 07:34  263168  ----a-w-  c:\windows\system32\wbem\esscli.dll
2010-09-21 04:56 . 2008-01-19 07:36  139264  ----a-w-  c:\windows\system32\SmiInstaller.dll
2010-09-21 04:56 . 2008-01-19 07:36  704512  ----a-w-  c:\windows\system32\SmiEngine.dll
2010-09-21 04:56 . 2008-01-19 07:36  218624  ----a-w-  c:\windows\system32\wdscore.dll
2010-09-21 04:56 . 2008-01-19 07:33  130560  ----a-w-  c:\windows\system32\PkgMgr.exe
2010-09-21 04:54 . 2008-01-19 07:34  246784  ----a-w-  c:\windows\system32\drvstore.dll
2010-09-21 04:54 . 2008-01-19 07:35  35328  ----a-w-  c:\windows\system32\mspatcha.dll
2010-09-21 04:54 . 2008-01-19 07:34  305152  ----a-w-  c:\windows\system32\msdelta.dll
2010-09-21 04:54 . 2008-01-19 07:34  258560  ----a-w-  c:\windows\system32\dpx.dll
2010-09-21 04:52 . 2008-10-21 05:25  1645568  ----a-w-  c:\windows\system32\connect.dll
2010-09-21 04:51 . 2010-01-25 08:34  511488  ----a-w-  c:\windows\system32\RMActivate.exe
2010-09-21 04:51 . 2010-01-25 08:35  523776  ----a-w-  c:\windows\system32\RMActivate_isv.exe
2010-09-21 04:51 . 2010-01-25 12:48  472576  ----a-w-  c:\windows\system32\secproc_isv.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-23 22:55 . 2010-09-23 22:55  0  ---ha-w-  c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2010-09-23 20:30 . 2008-07-25 21:33  --------  d-----w-  c:\users\Jinju\AppData\Roaming\OpenOffice.org2
2010-09-23 07:54 . 2006-11-02 11:18  --------  d-----w-  c:\program files\Windows Mail
2010-09-23 07:26 . 2007-06-29 13:00  --------  d-----w-  c:\programdata\Microsoft Help
2010-09-22 00:25 . 2007-09-05 00:50  97936  ----a-w-  c:\users\Jinju\AppData\Local\GDIPFONTCACHEV1.DAT
2010-09-22 00:16 . 2006-11-02 10:25  86016  ----a-w-  c:\windows\Inf\infstor.dat
2010-09-22 00:16 . 2006-11-02 10:25  51200  ----a-w-  c:\windows\Inf\infpub.dat
2010-09-22 00:16 . 2006-11-02 10:25  143360  ----a-w-  c:\windows\Inf\infstrng.dat
2010-09-22 00:07 . 2006-11-02 12:37  --------  d-----w-  c:\program files\Windows Sidebar
2010-09-22 00:07 . 2006-11-02 12:37  --------  d-----w-  c:\program files\Windows Calendar
2010-09-22 00:07 . 2006-11-02 12:37  --------  d-----w-  c:\program files\Windows Collaboration
2010-09-22 00:07 . 2006-11-02 12:37  --------  d-----w-  c:\program files\Windows Journal
2010-09-22 00:07 . 2006-11-02 12:37  --------  d-----w-  c:\program files\Windows Photo Gallery
2010-09-22 00:07 . 2006-11-02 12:37  --------  d-----w-  c:\program files\Windows Defender
2010-09-22 00:01 . 2006-11-02 10:25  665600  ----a-w-  c:\windows\Inf\drvindex.dat
2010-09-21 23:14 . 2006-11-02 10:32  101888  ----a-w-  c:\windows\system32\ifxcardm.dll
2010-09-21 23:13 . 2006-11-02 10:32  82432  ----a-w-  c:\windows\system32\axaltocm.dll
2010-09-21 06:42 . 2007-06-29 12:58  --------  d-----w-  c:\program files\Microsoft Works
2010-09-21 06:32 . 2008-08-07 02:45  --------  d-----w-  c:\programdata\WildTangent
2010-09-21 06:32 . 2008-03-29 02:28  --------  d-----w-  c:\program files\Safari
2010-09-21 06:32 . 2008-08-11 03:25  --------  d-----w-  c:\program files\QuickTime
2010-09-21 06:32 . 2007-09-10 01:12  --------  d-----w-  c:\program files\NetZero
2010-09-21 06:32 . 2008-08-11 03:29  --------  d-----w-  c:\program files\iTunes
2010-09-21 06:32 . 2006-11-30 22:49  --------  d-----w-  c:\program files\HP Games
2010-09-21 06:32 . 2008-08-11 03:27  --------  d-----w-  c:\program files\Bonjour
2010-09-21 06:29 . 2007-10-22 07:00  --------  d-----w-  c:\users\Jinju\AppData\Roaming\Move Networks
2010-09-21 06:29 . 2007-09-10 01:19  --------  d-----w-  c:\program files\iPod
2010-09-21 06:29 . 2007-06-29 13:05  --------  d-----w-  c:\program files\HP
2010-09-21 03:49 . 2007-09-05 02:36  13025  ----a-w-  c:\users\Jinju\AppData\Roaming\nvModes.dat
2010-09-21 03:25 . 2007-10-03 03:09  --------  d-----w-  c:\programdata\Viewpoint
2010-09-19 22:45 . 2008-07-08 21:07  --------  d-----w-  c:\program files\AVG
2010-09-15 22:51 . 2010-06-27 19:43  --------  d-----w-  c:\programdata\WinZip
2010-09-14 04:00 . 2007-11-29 01:09  1356  ----a-w-  c:\users\Jinju\AppData\Local\d3d9caps.dat
2010-09-13 13:49 . 2010-02-16 20:17  --------  d-----w-  c:\program files\Microsoft Silverlight
2010-09-08 00:30 . 2009-05-28 18:37  --------  d-----w-  c:\programdata\Motive
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*NOTE* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"NetZero_uoltray"="c:\program files\NetZero\exec.exe" [2007-03-07 1629184]
"HPAdvisor"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2006-11-21 1474560]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Aim6"="c:\program files\AIM6\aim6.exe" [2008-03-25 50528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-05-27 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-07-30 289064]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2006-11-24 167936]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-11-06 159744]
"Mouse Suite 98 Daemon"="ICO.EXE" [2006-11-03 49152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-15 815104]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2006-10-18 317152]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2006-10-18 472800]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-23 116040]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2006-11-10 46704]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2006-11-18 90191]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-11-18 7753728]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-11-18 81920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-08 44128]

c:\users\Jinju\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MEMonitor.lnk - c:\program files\V CAST Music Manager\MEMonitor.exe [2007-11-2 951640]
OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-1-21 393216]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Connections.lnk - c:\program files\HP Connections\6811507\Program\HP Connections.exe [2007-6-29 34520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S4 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\Drivers\avgtdix.sys




--- Other Services/Drivers In Memory ---

*Deregistered* - AvgLdx86
.
Contents of the 'Scheduled Tasks' folder

2010-09-29 c:\windows\Tasks\User_Feed_Synchronization-{90EE62B4-9066-4567-B527-472EEF2CA871}.job
- c:\windows\system32\msfeedssync.exe [2010-09-21 07:33]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.aol.com/?src=aim
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=laptop
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://my.netzero.net/s/SEARCH?r=minisearch
IE: Display All Images with Full Quality - c:\program files\NetZero\qsacc\appres.dll/228
IE: Display Image with Full Quality - c:\program files\NetZero\qsacc\appres.dll/227
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: netzero.com
Trusted Zone: netzero.net
FF - ProfilePath - c:\users\Jinju\AppData\Roaming\Mozilla\Firefox\Profiles\w5fweigy.default\
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-29 18:28
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-09-29 18:33:46
ComboFix-quarantined-files.txt 2010-09-29 22:33

Pre-Run: 73,712,840,704 bytes free
Post-Run: 73,612,976,128 bytes free

- - End Of File - - BAAE23D9312E5BAE78E43F64E6E7ED60

Oh, and what is an HJT? You've never told me to run it before and I have no idea what that is...

Re-running ComboFix to remove infections:

  • Close any open browsers.
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
  • Open notepad and copy/paste the text in the quotebox below into it:
    Quote
    KillAll::

    DDS::
    Trusted Zone: netzero.com
    Trusted Zone: netzero.net

  • Save this as CFScript.txt, in the same location as ComboFix.exe



  • Referring to the picture above, drag CFScript into ComboFix.exe
  • When finished, it shall produce a log for you at C:\ComboFix.txt
  • I do not need to see the log from this action.
Quote
oh and what is an HJT? You've never told me to run it before and I have no idea what that is...
Sorry. Here it is.

Please download: HiJackThis to your Desktop.
  • Double Click the HijackThis icon, located on your Desktop.
  • By Default, it will install to: C:\Program Files\Trend Micro\HijackThis
  • Accept the license agreement.
  • Click the Open the Misc Tools section button.
  • Place a checkmark beside Calculate MD5 of files if possible. Then, click Back.
  • Click Do a System Scan and Save a Logfile. Or, if you see a white screen, click Scan.
  • Please post the log in your next reply.
Logfile of Trend Micro HijackThis v2.0.2
Scan SAVED at 11:49:34 PM, on 9/29/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18498)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Windows\System32\ICO.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\NetZero\exec.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\HP Connections\6811507\Program\HP Connections.exe
C:\Program Files\V CAST Music Manager\MEMonitor.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Windows\System32\rundll32.exe
C:\Windows\System32\Pelmiced.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\NetZero\exec.exe
C:\Program Files\NetZero\qsacc\x1exec.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\sdclt.exe
C:\Windows\Explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=laptop
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my.netzero.net/s/search?r=minisearch
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\NetZero\SearchEnh1.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (filesize 62080 bytes, MD5 C11F6A1F61481E24BE3FDC06EA6F7D2A)
O2 - BHO: Pop-up Blocker - {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\Program Files\NetZero\qsacc\X1IEBHO.dll (filesize 211720 bytes, MD5 E194E3DF6BA5487F2B67FFAED9CF4D49)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (filesize 509328 bytes, MD5 F921D875A1CBD69A6A462BA2514BC831)
O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll (filesize 297456 bytes, MD5 F65776B8C0C9DF600BC6FBD73796F5D3)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime (filesize 413696 bytes, MD5 F34EB5D4F145ED5FE50033CA3A41ED24)
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (filesize 289064 bytes, MD5 4CED92963F453EB8DCFE67FD4248D657)
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe" (filesize 167936 bytes, MD5 F4810C2DC4F2E92E1B5EBCA2173DBBCE)
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE (filesize 49152 bytes, MD5 EDE74971B94F39238817BD0362FA171A)
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (filesize 39792 bytes, MD5 8B9145D229D4E89D15ACB820D4A3A90F)
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" (filesize 144784 bytes, MD5 6AB4C021FBD36DC6764924C312428D97)
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart (filesize 44544 bytes, MD5 4B555106290BD117334E9A08761C035A)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup (filesize 44544 bytes, MD5 4B555106290BD117334E9A08761C035A)
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit (filesize 44544 bytes, MD5 4B555106290BD117334E9A08761C035A)
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (filesize 1233920 bytes, MD5 FD278E51A7D6F52D22FCE6C67E037AD6)
O4 - HKCU\..\Run: [NetZero_uoltray] C:\Program Files\NetZero\exec.exe regrun (filesize 1629184 bytes, MD5 105BCCEF090AE7DA70046E3FB0EC10C8)
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp (filesize 50528 bytes, MD5 A29F21DC5C28D85592E84CFCAD3ED52B)
O4 - Startup: MEMonitor.lnk = C:\Program Files\V CAST Music Manager\MEMonitor.exe (filesize 951640 bytes, MD5 C1EEFC1FC617ED9CC1808C20F5E801A3)
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe (filesize 393216 bytes, MD5 F5CECCFE0CF964B209DCAB226D4C1DE3)
O4 - Global Startup: HP Connections.lnk = C:\Program Files\HP Connections\6811507\Program\HP Connections.exe (filesize 34520 bytes, MD5 3754F4C688BFD04BC886112BD6566A9B)
O8 - Extra context menu item: Display All Images with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/228
O8 - Extra context menu item: Display Image with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/227
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll (filesize 509328 bytes, MD5 F921D875A1CBD69A6A462BA2514BC831)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll (filesize 509328 bytes, MD5 F921D875A1CBD69A6A462BA2514BC831)
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll (filesize 603040 bytes, MD5 79F7DB36E67B9E8365FA824AD96DF400)
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll (filesize 603040 bytes, MD5 79F7DB36E67B9E8365FA824AD96DF400)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL (filesize 39464 bytes, MD5 AEF204E782BFA2C8448CB43A58960744)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/JSCDL/jdk/6u7/jinstall-6u7-windows-i586-jc.cab?e=1217560870556&h=abf1acf1380dd4d78c5840bafbfae17d/&filename=jinstall-6u7-windows-i586-jc.cab
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: SYMANTEC Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 11542 bytes
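The verdict on this log is reached by reading it by hand: wuauclt.exe appears under "Running processes" from C:\Windows\system32, which is where the Windows Update client lives, and nothing else in the O4/O23 entries points anywhere odd. The script below is an added example, not part of this thread and not HijackThis code, that automates those same checks over a constructed excerpt of the log. The excerpt reuses lines from the log posted above; the C:\Users\Jinju\AppData\Local\Temp\wuauclt.exe process line is invented so that the path check has something to flag. Paths are handled with ntpath so the script runs on any operating system.

```python
"""Triage a HijackThis-style log for the checks a removal helper makes by hand.

Added example for this thread; it is not HijackThis code and not the helper's
own script. Paths are handled with ntpath so it runs on any OS.
"""
import ntpath
import re

# Constructed excerpt. The system32\wuauclt.exe, ICO.EXE and HijackThis.exe
# process lines and the O4/O23 entries are copied from the log posted above;
# the Temp\wuauclt.exe process line is invented here so the path check has a hit.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Platform: Windows Vista SP1 (WinNT 6.00.1905)

Running processes:
C:\Windows\system32\wuauclt.exe
C:\Windows\System32\ICO.EXE
C:\Users\Jinju\AppData\Local\Temp\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O23 - Service: SYMANTEC Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

# Binaries Windows ships in %SystemRoot%\System32. A same-named file running
# from Temp, AppData or a user profile is the classic "fake system process".
SYSTEM32_BINARIES = {
    "wuauclt.exe", "svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe",
    "services.exe", "taskeng.exe", "dwm.exe", "conime.exe",
}

_ENTRY = re.compile(r"^([RFO]\d+)\s+-\s+(.*)$")
_O4 = re.compile(r"^.*?:\s+\[[^\]]+\]\s+(?P<cmd>.*)$")
_ABSOLUTE = re.compile(r"^(?:[A-Za-z]:\\|%|\\\\)")   # drive letter, %VAR%, or UNC


def parse_hjt(text):
    """Split a log into the process list and (code, rest) entry tuples."""
    processes, entries, in_procs = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_procs = False          # a blank line ends the process block
            continue
        if line.lower() == "running processes:":
            in_procs = True
            continue
        if in_procs:
            processes.append(line)
            continue
        m = _ENTRY.match(line)
        if m:
            entries.append((m.group(1), m.group(2)))
    return {"processes": processes, "entries": entries}


def misplaced_system_binaries(processes, system_root=r"C:\Windows"):
    """System32 binaries running from outside System32/SysWOW64."""
    root = system_root.lower()
    allowed = {ntpath.join(root, "system32"), ntpath.join(root, "syswow64")}
    hits = []
    for proc in processes:
        directory, name = ntpath.split(proc)
        if name.lower() in SYSTEM32_BINARIES and directory.lower() not in allowed:
            hits.append(proc)
    return hits


def missing_service_binaries(entries):
    """O23 services whose image is gone: an uninstall leftover or a removed payload."""
    return [rest for code, rest in entries
            if code == "O23" and rest.endswith("(file missing)")]


def bare_autostart_commands(entries):
    """O4 commands given as a bare filename (like ICO.EXE): the loader's search
    order, not the registry value, decides which file runs, so a same-named file
    placed earlier on that search path would hijack the entry."""
    hits = []
    for code, rest in entries:
        if code != "O4":
            continue
        m = _O4.match(rest)
        if not m or not m.group("cmd").strip():
            continue
        exe = m.group("cmd").strip().split()[0].strip('"')
        if not _ABSOLUTE.match(exe):
            hits.append(exe)
    return hits


def triage(text, system_root=r"C:\Windows"):
    """Run all three checks and return the findings keyed by check name."""
    parsed = parse_hjt(text)
    return {
        "misplaced_system_binaries": misplaced_system_binaries(parsed["processes"], system_root),
        "missing_service_binaries": missing_service_binaries(parsed["entries"]),
        "bare_autostart_commands": bare_autostart_commands(parsed["entries"]),
    }


if __name__ == "__main__":
    for check, hits in triage(SAMPLE_LOG).items():
        print(f"{check}: {hits if hits else 'none'}")
```

A correct path is necessary, not sufficient: a file in System32 can itself be replaced, so the next step on a real machine is to check the Authenticode signature of the binary (Sysinternals sigcheck, or Get-AuthenticodeSignature in PowerShell) and to compare the MD5 that HijackThis prints against a known-good copy of the same Windows build.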
The logs look clean. Please go ahead with the cleanup listed in Reply #30.

Thanks SuperDave!
Okay, so just to clarify before I commence cleanup: when TFC restarts my computer, and if I need to manually restart my computer, what do you mean by that? Because last time it restarted and then gave me a choice of restarting normally and then a recommended choice of restarting with the restore, because the laptop thought that there was damage, which I did, and then it screwed everything up again.

Just skip the TFC. You can do a disk cleanup yourself. Just click on My Computer, right-click on your C drive, click Properties and select Disk Cleanup.

I don't see Disk Cleanup. Is that the same as format?

No. Not the same as format. After you click Properties, select General at the top left. Disk Cleanup is just below the pie chart of your C drive to the right.

I did it!!! Thank you, SuperDave!!!! It took a bit longer than expected because of the unexpected bump we encountered but I really appreciate all your advice and patience!!

You're welcome. Stay safe.

Quote
You can uninstall it or download and install MSE which, in my opinion, is a better AV program. If you do decide to change AVs, download and install the new one before uninstalling the old one. You will also have to re-install Microsoft Word.

Microsoft Security Essentials for Windows Vista\Windows 7 - 64 bit Download
Microsoft Security Essentials for Windows XP

The link on the Microsoft Security Essentials for Windows Vista\Windows 7 downloaded a program that wouldn't install, saying it wasn't compatible with my system, and then the 64 bit Download downloaded SPYWARE DOCTOR WITH ANTIVIRUS. Should I have both on here? I have Vista.

Try this site for the download. You can select the one for Vista and you can also keep Spyware Doctor, if you wish.

